
Re: DRAFT letter on SB06-062 email voting



Ron:

You, apparently, are missing some points on electronic security.

There are many more than two holes.  Here are the most egregious two, I
think.

First, in order for encryption to be secure, the key exchange needs to be
secure.  How would you guarantee that?  Public key encryption, for instance,
depends on a trusted third party.  Who would that trusted third party be in
this instance?

Second, even if the exchange is secure, how do you guarantee that votes and
voters aren't being manufactured from whole cloth?

Ralph Shnelvar



On Thu, 16 Feb 2006 14:14:44 -0700, you wrote:

>Actually the bill does seem to be addressing only military personnel (for
>email), but i agree with you that the state's track record is poor in regards
>to anything technical. Nevertheless, we are already using election machinery
>in almost all counties that are not only known to have security holes, but
>probably have manufacturer supplied hacks and back doors that guarantee a
>dishonest election.
>Email code would at least be owned by the state (or county), should be/could
>be open source, enough for oversight, and DNS hacking won't un-encrypt an
>encrypted email. (You don't have to use the most secure facilities
>available, if you provide the troops with machines of adequate security).
>
>ron
>
>-----Original Message-----
>From: Neal McBurnett [mailto:neal@xxxxxxxxxxxxxxxxx]
>Sent: Thursday, February 16, 2006 1:40 PM
>To: allun
>Cc: PKlammer@xxxxxxx; 'Barbara Simons'; 'Julieann Murphy Cross';
>Margitjo@xxxxxxx; alkolwicz@xxxxxxxxx; j.c.callahan@xxxxxxxx;
>gcahoon@xxxxxxxxx; laurieannb@xxxxxxx; stith@xxxxxxxxxxxxxx;
>richey80304@xxxxxxxxx; ivan.meek@xxxxxxxxx; 'Sheila Horton'; 'Ralph
>Shnelvar'; 'Richard Bowles'; 'Jessica Peck Corry';
>dellington@xxxxxxxxxxxxxxxxxxxxxxxx; 'David Hughes'; 'Monty Lambie';
>'Lotus'; 'Bob Mcgrath'; 'Carolyn Myers'; 'Alison Maynard Esq'; 'Paul Tiger';
>'Kelly Ceballos'; 'Joe Pezzillo'; 'Steve Gresh'; 'Lisa Burks'; 'Linda
>Seaborn'; 'Cindy L Espinoza'; 'Donald K Darnell'; 'Ellie Collinson'; 'Dr.
>Charles E. Corry'; 'Mary Hafner'; 'Carol Pfeffer'; 'Mark Heinrich'
>Subject: Re: DRAFT letter on SB06-062 email voting
>
>
>On Thu, Feb 16, 2006 at 02:31:01AM -0700, allun wrote:
>>    Here are my thoughts on this: While you're right, an infected computer
>>    can manipulate things, not everyone got those Sony-distributed trojan
>>    horses.  In fact that's one of the pluses in my mind about email voting,
>>    in that you have to crack way too many computers to make it economic.
>>    (and i use Linux a lot). When you consider most computers (mine
>>    included) are off more than 8 hours a day, then the Devil has to go
>>    somewhere else 8/7!  A military/embassy voting center (which is, after
>>    all, what they're proposing to do), sends and receives Top Secret
>>    emails on a VERY routine basis. 128 bit private key encryption makes
>>    this WAY more secure than a Diebold AccuScan ever thought of, so i just
>>    don't see what the fuss is all about.
>
>I work on Internet protocols and authentication professionally.  The
>lack of security of most Internet email is widely known, and a very
>complicated issue.
>
>The SERVE security analysis identified a lot of issues besides
>viruses.  DNS hacks are just one example of the sort of threat they
>identified in which a small, anonymous attack could cause large
>problems.
>
>You assume the ballots would be sent from the sorts of computers that
>are approved for top-secret communications.  Even if the program were
>confined to the military (which it is not), I wonder if
>top-secret-certified computers would be available to send this sort of
>email, or even capable of doing so.  I would expect such equipment to
>be tightly controlled, and connecting sensitive machines over the
>Internet to the sorts of machines that clerks or the Secretary of
>state might run would at least raise some flags for me.  And remember,
>the person sending the ballot will, for privacy reasons, be wary of
>other people being involved in sending the ballot.
>
>The clerks and secretary of state have not shown much understanding of
>basic security issues on disconnected voting machines, to say nothing
>of computers doing internet email communications between peace corps
>volunteers and clerks.  Letting them decide how to do this, and do it,
>with "negligible funding" (as documented in the fiscal note), is a
>scary notion.
>
>Neal McBurnett                 http://bcn.boulder.co.us/~neal/
>Signed and/or sealed mail encouraged.  GPG/PGP Keyid: 2C9EBA60
>
>>    ron
>>
>>
>>      -----Original Message-----
>>      From: Pete Klammer [mailto:pklammer@xxxxxxxxxxx]
>>      Sent: Wednesday, February 15, 2006 11:32 PM
>>      To: 'Barbara Simons'; 'allun'; 'Julieann Murphy Cross';
>>      Margitjo@xxxxxxx; alkolwicz@xxxxxxxxx; neal@xxxxxxxxxxxxxxxxx;
>>      j.c.callahan@xxxxxxxx; gcahoon@xxxxxxxxx; laurieannb@xxxxxxx;
>>      stith@xxxxxxxxxxxxxx; richey80304@xxxxxxxxx; ivan.meek@xxxxxxxxx;
>>      'Sheila Horton'; 'Ralph Shnelvar'; 'Richard Bowles'; 'Jessica Peck
>>      Corry'; dellington@xxxxxxxxxxxxxxxxxxxxxxxx; 'David Hughes'; 'Pete
>>      Klammer'; 'Monty Lambie'; 'Lotus'; 'Bob Mcgrath'; 'Carolyn Myers';
>>      'Alison Maynard Esq'; 'Paul Tiger'; 'Kelly Ceballos'; 'Joe Pezzillo';
>>      'Steve Gresh'; 'Lisa Burks'; 'Linda Seaborn'; 'Cindy L Espinoza';
>>      'Donald K Darnell'; 'Ellie Collinson'; 'Dr. Charles E. Corry'
>>      Cc: 'Mary Hafner'; 'Carol Pfeffer'; 'Mark Heinrich'
>>      Subject: RE: DRAFT letter on SB06-062 email voting
>>
>>      And the recent Sony music-CD DRM fiasco, which installed a "rootkit"
>>      trojan *BENEATH* the Windows O/S kernel, was capable of concealing
>>      itself from all commercial antivirus programs, and even had the
>>      potential to "phone home" with captured data, should open a few more
>>      eyes.  One would hope.
>>
>>      As far as voting goes, a computer is not merely the Devil's
>>      playground, it's the Devil's very own 24/7
>>      go-go-flashing-lights-and-screaming-sound-virtual-reality-construction-kit-theme-park!
>>      --
>>
>>      Pete Klammer, P.E. / ACM(1970), IEEE, ICCP(CCP), NSPE(PE),
>NACSE(NSNE)
>>
>>      3200 Routt Street / Wheat Ridge, Colorado 80033-5452
>>
>>      (303)233-9485 / Fax:(303)274-6182 / Mailto:PKlammer@xxxxxxx
>>
>>       "Idealism doesn't win every contest; but that's not what I choose it
>>      for."
>>
>>
>>
>>
>>
>>    ---------------------------------------------------------------------------
>>
>>      From: Barbara Simons [mailto:simons@xxxxxxx]
>>      Sent: Wednesday, February 15, 2006 7:53 PM
>>      To: allun; Julieann Murphy Cross; Margitjo@xxxxxxx;
>>      alkolwicz@xxxxxxxxx; neal@xxxxxxxxxxxxxxxxx; j.c.callahan@xxxxxxxx;
>>      gcahoon@xxxxxxxxx; laurieannb@xxxxxxx; stith@xxxxxxxxxxxxxx;
>>      richey80304@xxxxxxxxx; ivan.meek@xxxxxxxxx; Sheila Horton;
>>      Ralph Shnelvar; Richard Bowles; Jessica Peck Corry;
>>      dellington@xxxxxxxxxxxxxxxxxxxxxxxx; David Hughes; Pete Klammer;
>>      Monty Lambie; Lotus; Bob Mcgrath; Carolyn Myers; Alison Maynard Esq;
>>      Paul Tiger; Kelly Ceballos; Joe Pezzillo; Steve Gresh; Lisa Burks;
>>      Linda Seaborn; Cindy L Espinoza; Donald K Darnell; Ellie Collinson;
>>      Dr. Charles E. Corry
>>      Cc: Mary Hafner; Carol Pfeffer; Mark Heinrich
>>      Subject: Re: DRAFT letter on SB06-062 email voting
>>      The fundamental problem with the SERVE proposal was that it could do
>>      nothing about the security, or more to the point, lack of security,
>>      on the user's pc, or the pc in the library or internet cafe on which
>>      the user would be voting.  If a pc is infected with a malicious virus,
>>      all bets are off.  We have seen viruses that have been widely
>>      circulated that have the capability of taking over the user's pc.
>>      Viruses could be used to rig an election, as could man-in-the-middle
>>      attacks or phishing.  Internet voting could also be used to buy and
>>      sell votes.
>>
>>      Public or quasi-public pcs are, if anything, even more vulnerable. In
>>      addition to the virus risk, the owner could insert malicious code
>>      beforehand.
>>
>>      What I find so incredibly bizarre is that people don't use the
>>      internet to provide the voter with a ballot.  A blank ballot obtained
>>      over the internet, printed out, and mailed in via US mail is no more
>>      vulnerable than a normal absentee ballot, assuming that the voter can
>>      check that all races and candidates are included on the ballot.  But
>>      developing a system that involves emailing a voted ballot, given
>>      today's insecure infrastructure, is highly irresponsible.
>>
>>      My suggestion is to redo the letter completely and start with a set
>>      of bullet points that list all of the risks and vulnerabilities of
>>      internet voting.  I think that the SERVE report did a reasonable job
>>      of summarizing such risks.  I agree with other comments that a short
>>      and pointed letter is better.  I would delete everything, including
>>      emails, stories about employee theft, and remarks about Accenture,
>>      except perhaps for the reference to the Colorado constitution.  I
>>      would suggest that you focus almost entirely on the risks of internet
>>      voting.  If you don't keep it short and pointed, no one will read
>>      your letter.
>>
>>      Regards,
>>      Barbara
>>
>>      On 2/15/06 15:27, "allun" <r_msft@xxxxxxxxxxxx> wrote:
>>
>>        As you may recall, i'm an engineer with several years experience
>>        doing just this sort of thing, and i don't see any reason why it
>>        couldn't be done securely, quickly, cheaply, well within today's
>>        technology, (and without the need of some kind of optical scanner
>>        to interpret the result) so i disagree with your 1st statement.
>>        Whether the State has the expertise or will to evaluate and pick
>>        qualified implementors, i'm in no position to judge, but judging by
>>        such things as the Accenture fiasco, i tend to agree with you on
>>        your 2nd & 3rd statements.  Here's the thing, though, I really
>>        don't think i'm capable of protesting a law which might
>>        (eventually?) take Diebold and associated corrupt machinery out of
>>        the picture, no matter how poorly it's implemented!
>>        ron
>